
i surfed the net & now my pc has spyware pop ups, i copied the highjacker file for you to help me out

Discussion in 'Windows - Virus and spyware problems' started by engin123, Mar 28, 2008.

  1. engin123

    engin123 Guest

    this is a log file from highjacker can someone please read this & help me out I've tried a few adware programs & one or two antivirus programs & cc-cleaner but to no avail, through surfing the net trying to just look at an adult site i got viruses gurlor,

    I'm only a basic pc user i tried to read up on how to try to get rid of this spyware pop up problem by safe moding & starting avg then to start another program to then do another three or four steps i just got confused, i am lost without my pc she's my lover & a friend that does not argue with me nor want to use me or abuse me for my money,

    she just is sensitive to the web sites, please help me restore some of my lost or damaged DLLs & redownload internet explorer 7, it seems as if some softwares rely on it, & about (files missing), I'm hearing popup sounds in the background, my pc is going mad, i have uninstalled both firefox 3 beta version & i uninstalled the internet explorer 7.

    it had to me bugs, & every minute it was driving me crazy with all these pop ups to open this & open that to download antivirus software to help me fix the problem, but they want me to part with my money, i want a freeware software please of anything you give me help with & an easier guide to solving the issue,

    being that I've used the highjacker program to obtain the details i needed to pass them over to you an expert who can tell me what to do, because i might delete the wrong items then my pc won't be functioning properly, please get it back to the way she was intended to perform my friends at afterdawn.com,

    isn't there also an internet software that can protect my pc from these adult sites being that i might be tempted to want to just surf on through them now & again & maybe download the odd few movies now & again, like a surf the web anonymous antispyware shield that protects my pc from getting attacked like this because just because i like to surf around a lot i have got script problems files missing DLLs missing,

    maybe my drivers are not working right now because of all this, freeware is what i need & a basic guide to solving this major spyware pop up adware & trojans that I've got. thank you.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:47:14, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 7276 bytes
     
  2. Ltangel

    Ltangel Regular member

    Hey engin123,

    Please be patient while I review your HijackThis log and follow the instructions below. Do not fix anything until you are instructed to. Thanks. :)

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.

    - Close all other windows before proceeding.
    - Double-click on dss.exe and follow the prompts.
    - When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    Go!

    ~Ltangel~
     
  3. engin123

    engin123 Guest

    this is the main text notepad i will send the second one to you straight after, god bless bro, you should be my neighbour.

    Deckard's System Scanner v20071014.68
    Run by EDDY on 2008-03-28 09:31:43
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    112: 2008-03-28 09:31:53 UTC - RP112 - Deckard's System Scanner Restore Point
    111: 2008-03-28 03:05:56 UTC - RP111 - Software Distribution Service 3.0
    110: 2008-03-28 01:39:42 UTC - RP110 - Restore Operation
    109: 2008-03-28 01:32:02 UTC - RP109 - Restore Operation
    108: 2008-03-28 01:26:11 UTC - RP108 - 12/03/08 AT 1200


    -- First Restore Point --
    1: 2008-01-30 01:47:21 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as EDDY.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:32:56, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Documents and Settings\EDDY\Local Settings\Temporary Internet Files\Content.IE5\Z05KFWRG\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\EDDY.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 7216 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 Pcatip - c:\windows\system32\drivers\pcatip.sys <Not Verified; VSO Software; Patin-Couffin Autoplay(tm) support driver>
    R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 ZSMC302 (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

    S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-27 18:00:00 440 --a------ C:\WINDOWS\Tasks\ParetoLogic Registration.job
    2008-03-24 16:02:47 344 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


    -- Files created between 2008-02-28 and 2008-03-28 -----------------------------

    2008-03-28 07:45:57 0 d-------- C:\UBCD4Win
    2008-03-28 04:57:20 0 d-------- C:\Program Files\AntiSpyKit 5.3
    2008-03-28 01:46:19 0 d-------- C:\Program Files\Trend Micro
    2008-03-28 01:37:46 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-03-28 00:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-27 23:01:14 0 d-------- C:\WINDOWS\system32\299914
    2008-03-27 20:40:55 0 d-------- C:\Program Files\Lavasoft
    2008-03-27 20:40:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-27 20:40:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-27 18:48:55 0 dr-h----- C:\Documents and Settings\EDDY\Recent
    2008-03-27 12:00:09 0 d-------- C:\Program Files\CCleaner
    2008-03-27 02:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\YourPrivacyGuard
    2008-03-27 00:31:45 0 d-------- C:\Program Files\Common Files\SecurePCCleaner
    2008-03-27 00:24:13 0 dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor
    2008-03-27 00:23:40 0 d-------- C:\Program Files\Common Files\WinPCDoctor
    2008-03-27 00:21:49 261896 --a------ C:\Documents and Settings\EDDY\Application Data\setup_en[1].exe <Not Verified; Locus Software, Inc.; Locus Installer>
    2008-03-26 23:55:19 0 d-------- C:\WINDOWS\system32\375013
    2008-03-26 23:54:55 0 d-------- C:\Program Files\NetProject
    2008-03-24 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-03-23 14:11:22 0 d-------- C:\Documents and Settings\EDDY\Application Data\MozillaControl
    2008-03-23 10:24:49 0 d-------- C:\Documents and Settings\EDDY\Application Data\Opera
    2008-03-22 21:16:04 0 d-------- C:\Documents and Settings\EDDY\AbiSuite
    2008-03-22 18:30:41 0 d-------- C:\Program Files\LingvoSoft
    2008-03-22 18:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
    2008-03-20 12:58:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
    2008-03-19 00:32:46 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-19 00:27:21 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-03-18 23:36:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-03-18 23:36:12 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    2008-03-15 19:34:08 0 d-------- C:\Program Files\DivX
    2008-03-15 19:28:29 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-03-15 19:04:51 0 d-------- C:\Program Files\Common Files\xing shared
    2008-03-11 12:09:41 0 d-------- C:\Program Files\Kontiki
    2008-03-11 12:09:41 0 d-------- C:\logs3
    2008-03-11 12:09:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-11 12:09:23 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-03-06 00:05:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\Real
    2008-03-02 06:54:26 56832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
    2008-03-02 06:54:26 27648 --a------ C:\WINDOWS\system32\ir50_lcs.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
    2008-03-02 06:54:09 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-03-02 06:51:00 0 d-------- C:\Program Files\LEAD Technologies, Inc
    2008-03-02 06:35:04 62464 --a------ C:\WINDOWS\system32\cygz.dll
    2008-03-02 06:35:04 1208320 --a------ C:\WINDOWS\system32\cygxml2-2.dll
    2008-03-02 06:35:04 1153417 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
    2008-03-02 06:35:04 980992 --a------ C:\WINDOWS\system32\cygiconv-2.dll
    2008-03-02 06:33:57 57344 --a------ C:\WINDOWS\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
    2008-03-01 18:34:45 0 d-------- C:\Program Files\iPod


    -- Find3M Report ---------------------------------------------------------------

    2008-03-28 09:32:59 0 d-------- C:\Documents and Settings\EDDY\Application Data\Azureus
    2008-03-28 09:28:06 0 d-------- C:\Documents and Settings\EDDY\Application Data\Vso
    2008-03-28 09:28:05 668 --a------ C:\Documents and Settings\EDDY\Application Data\vso_ts_preview.xml
    2008-03-27 20:40:02 0 d-------- C:\Program Files\Common Files
    2008-03-27 20:30:25 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-03-27 02:40:00 6397 --a------ C:\Documents and Settings\EDDY\Application Data\update.log
    2008-03-25 21:39:00 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-25 13:04:56 0 d-------- C:\Program Files\Azureus
    2008-03-25 09:57:13 0 d-------- C:\Documents and Settings\EDDY\Application Data\uTorrent
    2008-03-24 16:02:39 0 d-------- C:\Program Files\IObit
    2008-03-24 15:12:31 13312 --a-s---- C:\WINDOWS\system32\kknwg.dll
    2008-03-24 10:35:11 0 d-------- C:\Documents and Settings\EDDY\Application Data\CopyToDvd
    2008-03-20 12:58:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Mozilla
    2008-03-19 01:05:13 0 d-------- C:\Program Files\XP Smoker
    2008-03-17 22:31:51 0 d-------- C:\Documents and Settings\EDDY\Application Data\BSplayer PRO
    2008-03-15 19:10:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\DivX
    2008-03-14 22:48:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\DVD Flick
    2008-03-02 06:36:17 0 d-------- C:\Program Files\Cucusoft
    2008-03-01 18:34:56 0 d-------- C:\Program Files\iTunes
    2008-02-21 02:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-02-21 02:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 13:13:14 0 d-------- C:\Program Files\NCH Swift Sound
    2008-02-15 02:44:08 0 d-------- C:\Program Files\Driver Magician
    2008-02-15 01:19:03 0 d-------- C:\Documents and Settings\EDDY\Application Data\Help
    2008-02-10 18:29:35 0 d-------- C:\Documents and Settings\EDDY\Application Data\ImgBurn
    2008-02-10 18:29:11 0 d-------- C:\Program Files\ImgBurn
    2008-02-10 00:00:44 0 d-------- C:\Program Files\Alwil Software
    2008-02-09 20:03:52 0 d-------- C:\Documents and Settings\EDDY\Application Data\Any DVD Converter Professional
    2008-02-09 20:00:49 0 d-------- C:\Program Files\Any DVD Converter Professional
    2008-02-09 19:53:20 0 d-------- C:\Documents and Settings\EDDY\Application Data\Media Player Classic
    2008-02-09 19:51:54 680 --a------ C:\Documents and Settings\EDDY\Application Data\coreavc.ini
    2008-02-08 22:50:25 0 d-------- C:\Program Files\iSofter
    2008-02-06 21:29:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\Nero
    2008-02-06 11:11:06 0 d-------- C:\Documents and Settings\EDDY\Application Data\WinSpyControl
    2008-02-05 22:05:06 0 d-------- C:\Program Files\VSO
    2008-02-05 15:19:29 0 d-------- C:\Documents and Settings\EDDY\Application Data\NCH Swift Sound
    2008-02-05 10:43:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Launchy
    2008-02-05 09:30:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\VSO_HWE
    2008-02-04 20:51:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\Ahead
    2008-02-04 20:18:29 0 d-------- C:\Program Files\MSECache
    2008-02-04 19:59:33 0 d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
    2008-02-04 18:04:39 0 d-------- C:\Program Files\Noël Danjou
    2008-02-04 07:20:46 0 d-------- C:\Program Files\MemInfo
    2008-02-02 19:55:19 0 d-------- C:\Documents and Settings\EDDY\Application Data\IObit
    2008-02-02 18:18:36 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-02 17:16:29 0 d-------- C:\Documents and Settings\EDDY\Application Data\SpywareRemover
    2008-02-02 17:08:34 0 d-------- C:\Documents and Settings\EDDY\Application Data\Avant Profiles
    2008-02-02 17:08:31 0 d-------- C:\Program Files\Avant Browser
    2008-02-02 16:59:45 0 d-------- C:\Program Files\Citi-Software
    2008-02-02 16:17:06 0 d-------- C:\Program Files\NCH Software
    2008-02-01 23:01:14 0 d-------- C:\Program Files\Cool PDF Reader
    2008-02-01 22:32:14 0 d-------- C:\Program Files\Machinist2DLL
    2008-02-01 21:49:28 0 d-------- C:\Program Files\007DVD
    2008-02-01 09:31:39 0 dr------- C:\Documents and Settings\EDDY\Application Data\Brother
    2008-02-01 09:17:42 50 --a------ C:\WINDOWS\system32\bridf07a.dat
    2008-02-01 09:17:29 0 d-------- C:\Program Files\Brother
    2008-02-01 09:15:57 0 d-------- C:\Documents and Settings\EDDY\Application Data\InstallShield
    2008-02-01 09:14:56 0 d-------- C:\Program Files\Nuance
    2008-02-01 09:13:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
    2008-02-01 09:13:38 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-02-01 09:13:24 0 d-------- C:\Program Files\ScanSoft
    2008-02-01 08:05:19 0 d-------- C:\Program Files\uTorrent
    2008-02-01 01:00:58 0 d-------- C:\Program Files\Real
    2008-02-01 00:42:44 0 d-------- C:\Program Files\AC3Filter
    2008-02-01 00:18:46 0 d-------- C:\Program Files\coverXP
    2008-02-01 00:07:28 0 d-------- C:\Program Files\DVDFab Gold 4
    2008-01-31 23:56:41 34 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.log
    2008-01-31 23:56:36 47360 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-01-31 23:56:36 1144 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.inf
    2008-01-31 23:56:36 7887 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.cat
    2008-01-31 23:56:35 0 d-------- C:\Program Files\DVDFab Platinum 4
    2008-01-31 23:50:08 0 d-------- C:\Documents and Settings\EDDY\Application Data\Apple Computer
    2008-01-31 23:49:35 0 d-------- C:\Program Files\Bonjour
    2008-01-31 23:48:29 0 d-------- C:\Program Files\Apple Software Update
    2008-01-31 23:48:05 0 d-------- C:\Program Files\Common Files\Apple
    2008-01-31 23:34:38 0 d-------- C:\Documents and Settings\EDDY\Application Data\WinPatrol
    2008-01-31 23:34:30 0 d-------- C:\Program Files\BillP Studios
    2008-01-31 23:17:33 0 d-------- C:\Documents and Settings\EDDY\Application Data\Adobe
    2008-01-31 22:42:23 0 d-------- C:\Program Files\Windows Live
    2008-01-31 22:40:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-31 22:20:31 0 d-------- C:\Program Files\Messenger
    2008-01-31 21:07:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\LimeWire
    2008-01-31 21:04:37 0 d-------- C:\Program Files\LimeWire
    2008-01-31 20:35:27 0 d-------- C:\Program Files\Vimicro
    2008-01-31 20:32:04 0 d-------- C:\Program Files\Xvid
    2008-01-31 02:31:12 0 d-------- C:\Program Files\Microsoft Works
    2008-01-31 02:30:57 0 d-------- C:\Program Files\MSBuild
    2008-01-31 02:29:23 0 d-------- C:\Program Files\Microsoft.NET
    2008-01-31 02:27:38 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-01-30 23:41:23 0 d-------- C:\Program Files\Common Files\Ahead
    2008-01-30 23:34:49 0 d-------- C:\Program Files\Nero
    2008-01-30 23:31:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\vlc
    2008-01-30 23:28:39 0 d-------- C:\Program Files\VideoLAN
    2008-01-30 23:26:52 1167 --a------ C:\WINDOWS\mozver.dat
    2008-01-30 23:23:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\Macromedia
    2008-01-30 23:12:31 0 d-------- C:\Documents and Settings\EDDY\Application Data\Sun
    2008-01-30 23:03:20 0 d-------- C:\Program Files\Java
    2008-01-30 23:01:58 0 d-------- C:\Program Files\Common Files\Java
    2008-01-30 21:20:12 0 d-------- C:\Program Files\MSXML 6.0
    2008-01-30 21:20:01 0 d-------- C:\Program Files\MSXML 4.0
    2008-01-30 02:48:09 25004 --a------ C:\WINDOWS\system32\tcpipbak.reg
    2008-01-30 02:34:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-30 01:47:09 0 d-------- C:\Documents and Settings\EDDY\Application Data\Identities
    2008-01-30 01:19:05 0 d-------- C:\Program Files\microsoft frontpage
    2008-01-30 01:18:49 0 -rahs---- C:\MSDOS.SYS
    2008-01-30 01:18:49 0 -rahs---- C:\IO.SYS
    2008-01-30 01:18:49 0 --a------ C:\CONFIG.SYS
    2008-01-30 01:18:49 0 --a------ C:\AUTOEXEC.BAT
    2008-01-30 01:17:32 0 d--h----- C:\Program Files\WindowsUpdate
    2008-01-30 01:16:37 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-01-30 01:16:26 0 d-------- C:\Program Files\Movie Maker
    2008-01-30 01:15:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-01-30 01:15:12 0 d-------- C:\Program Files\Online Services
    2008-01-30 01:14:55 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-01-30 01:14:47 0 d-------- C:\Program Files\Windows NT
    2008-01-30 01:07:55 0 d-------- C:\Program Files\Common Files\ODBC
    2008-01-30 01:07:51 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-01-30 01:07:28 62 --ahs---- C:\Documents and Settings\EDDY\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47DF236B-7D10-4C01-9820-50C0D54E7841}]
    27/03/2008 23:01 13312 --a------ C:\WINDOWS\system32\299914\299914.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}]
    26/03/2008 23:55 13312 --a------ C:\WINDOWS\system32\375013\375013.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
    28/03/2008 03:14 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [26/03/2008 23:55 85504]

    [-HKEY_CLASSES_ROOT\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 15:37]
    "SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [07/01/2008 23:29]
    "strpmon"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [26/02/2008 09:40]
    "Salestart"="C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" [26/02/2008 09:40]
    "SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol Helper DLL"="C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll" [27/01/2008 05:38]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
    "Windows update loader"="C:\Windows\xpupdate.exe" [27/03/2008 23:00]
    "SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" []

    C:\Documents and Settings\EDDY\Start Menu\Programs\Startup\
    MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe [13/01/2008 17:16:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Wallpaper"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)
    "NoStartMenuEjectPC"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "some"=C:\Program Files\NetProject\scit.exe
    "start"=C:\Program Files\NetProject\sbmntr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceActiveDesktopOn"=1 (0x1)
    "NoSetActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoActiveDesktop"=2 (0x2)
    "NoViewContextMenu"=0 (0x0)
    "NoDFSTab"=0 (0x0)
    "NoSecurityTab"=0 (0x0)
    "NoHardwareTab"=0 (0x0)
    "NoToolbarCustomize"=1 (0x1)
    "NoBandCustomize"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoFolderOptions"=0 (0x0)
    "NoPropertiesMyComputer"=0 (0x0)
    "NoFileAssociate"=0 (0x0)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "NoInstrumentation"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoDesktopCleanupWizard"=1 (0x1)
    "NoRecentDocsHistory"=1 (0x1)
    "NoRecycleFiles"=1 (0x1)
    "NoWelcomeScreen"=1 (0x1)
    "NoStartMenuEjectPC"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"= C:\WINDOWS\system32\kknwg.dll [24/03/2008 15:12 13312]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot




    -- End of Deckard's System Scanner: finished at 2008-03-28 09:33:24 ------------

     
  4. engin123

    engin123 Guest

    this is the extra text notepad.

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 Processor 3200+
    Percentage of Memory in Use: 55%
    Physical Memory (total/avail): 1022.48 MiB / 453.87 MiB
    Pagefile Memory (total/avail): 2459.68 MiB / 2094.34 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1933.43 MiB

    C: is Fixed (NTFS) - 186.3 GiB total, 128.93 GiB free.
    D: is Removable (No Media)
    E: is Removable (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is CDROM (No Media)
    I: is CDROM (No Media)
    J: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - ST3200822AS - 186.31 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

    \\.\PHYSICALDRIVE5 - Brother DCP-135C USB Device

    \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

    \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

    \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

    \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Documents and Settings\\EDDY\\Desktop\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\EDDY\\Desktop\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
    "C:\\Documents and Settings\\EDDY\\Desktop\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\EDDY\\Desktop\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
    "C:\\Program Files\\007DVD\\007 DVD Creator\\DVDCreator.exe"="C:\\Program Files\\007DVD\\007 DVD Creator\\DVDCreator.exe:*:Enabled:007 DVD Creator"
    "C:\\Program Files\\Any DVD Converter Professional\\DVDConvPro.exe"="C:\\Program Files\\Any DVD Converter Professional\\DVDConvPro.exe:*:Enabled:Any DVD Converter Professional"
    "C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe"="C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe:*:Enabled:ConvertXToDVD 3"
    "C:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe"="C:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe:*:Enabled:DivX EKG"
    "C:\\Program Files\\DivX\\DivX Player\\DivX Player.exe"="C:\\Program Files\\DivX\\DivX Player\\DivX Player.exe:*:Enabled:DivX Player"
    "C:\\Program Files\\VSO\\DivxToDVD\\DivxToDVD.exe"="C:\\Program Files\\VSO\\DivxToDVD\\DivxToDVD.exe:*:Enabled:DivxToDVD"
    "C:\\Program Files\\DVDFab Gold 4\\DVDFabGold.exe"="C:\\Program Files\\DVDFab Gold 4\\DVDFabGold.exe:*:Enabled:DVDFab Gold 4"
    "C:\\Program Files\\DVDFab Platinum 4\\DVDFabPlatinum.exe"="C:\\Program Files\\DVDFab Platinum 4\\DVDFabPlatinum.exe:*:Enabled:DVDFab Platinum 4"
    "C:\\Program Files\\IObit\\IObit SmartDefrag\\IObit SmartDefrag.exe"="C:\\Program Files\\IObit\\IObit SmartDefrag\\IObit SmartDefrag.exe:*:Enabled:IObit SmartDefrag"
    "C:\\Documents and Settings\\EDDY\\My Documents\\The KMPlayer\\KMPlayer.exe"="C:\\Documents and Settings\\EDDY\\My Documents\\The KMPlayer\\KMPlayer.exe:*:Enabled:KMPlayer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire PRO 4.13.0"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"="C:\\Program Files\\Windows Live\\Mail\\wlmail.exe:*:Enabled:Windows Live Mail"
    "C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"="C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe:*:Enabled:WinPatrol"
    "C:\\Program Files\\WinRAR\\WinRAR.exe"="C:\\Program Files\\WinRAR\\WinRAR.exe:*:Enabled:WinRAR"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\EDDY\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=EDDY1
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (November 2007)\
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\EDDY
    LOGONSERVER=\\EDDY1
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Windows Live\Messenger\;C:\Program Files\Microsoft DirectX SDK (November 2007)\Utilities\Bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Final Codecs\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0f00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\EDDY\LOCALS~1\Temp
    TMP=C:\DOCUME~1\EDDY\LOCALS~1\Temp
    USERDOMAIN=EDDY1
    USERNAME=EDDY
    USERPROFILE=C:\Documents and Settings\EDDY
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    EDDY (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    007 DVD Creator 2.0 --> "C:\Program Files\007DVD\007 DVD Creator\unins000.exe"
    AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
    Access Manager 2 --> MsiExec.exe /I{5590FCB1-AA19-4510-9FC1-BB6A8E0A14A5}
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Agere Systems PCI Soft Modem --> agrsmdel
    AMCap --> C:\Program Files\Noël Danjou\AMCap\uninst.exe
    Any DVD Converter Professional 3.5.6 --> "C:\Program Files\Any DVD Converter Professional\unins000.exe"
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
    Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D4304DB-EDF8-4EEC-A5B1-E46D978E1F21}\Setup.exe" -l0x9
    BlindWrite5 --> "C:\Program Files\VSO\BlindWrite5\unins000.exe"
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    ConvertXtoDVD 2.99.9.600b --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
    CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
    coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
    Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
    Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DivxToDVD 0.5.2b --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
    Driver Magician 2.8 --> "C:\Program Files\Driver Magician\unins000.exe"
    DVDFab Gold (Non-CSS Version) 4.0.3.0 --> "C:\Program Files\DVDFab Gold 4\unins000.exe"
    DVDFab Platinum 4.0.3.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    ImgBurn --> "C:\Program Files\ImgBurn\uninstall.exe"
    Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
    Internet Service --> "C:\Program Files\NetProject\waun.exe"
    IObit SmartDefrag Beta4.03 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    LEAD MCMP_MJPEG Codec Eval --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6C6303B-F56F-11D5-B90B-005004892044}\setup.exe"
    LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
    Machinist2DLL --> C:\Program Files\Machinist2DLL\uninstall.exe
    MemInfo (remove only) --> "C:\Program Files\MemInfo\uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft DirectX SDK (November 2007) --> MsiExec.exe /I{CA97B421-06CB-4040-8EC9-6ED02EA87930}
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0b4) --> C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Premium --> MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
    NetMos Multi-IO Controller --> NmUninst.exe
    PaperPort Image Printer --> MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    ScanSoft PaperPort 11 --> MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
    Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
    Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    The KMPlayer (remove only) --> "C:\Documents and Settings\EDDY\My Documents\The KMPlayer\uninstall.exe"
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    UBCD4Win 3.12 --> "C:\UBCD4Win\unins000.exe"
    Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
    Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
    VideoLAN VLC media player 0.8.6d --> C:\Documents and Settings\EDDY\My Documents\VLC\uninstall.exe
    Vimicro USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XP Smoker Pro 5.1 --> "C:\Program Files\XP Smoker\unins000.exe"
    Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2951 / Success
    Event Submitted/Written: 03/28/2008 04:55:04 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2942 / Success
    Event Submitted/Written: 03/28/2008 01:40:18 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2931 / Success
    Event Submitted/Written: 03/28/2008 01:16:48 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2917 / Success
    Event Submitted/Written: 03/28/2008 01:07:22 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type2904 / Success
    Event Submitted/Written: 03/27/2008 11:52:16 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type4155 / Warning
    Event Submitted/Written: 03/28/2008 09:30:14 AM
    Event ID/Source: 57 / Ftdisk
    Event Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Record #/Type4139 / Error
    Event Submitted/Written: 03/28/2008 03:14:27 AM
    Event ID/Source: 2 / ParVdm
    Event Description:
    Unable to get device object pointer for port object.

    Event Record #/Type4109 / Error
    Event Submitted/Written: 03/28/2008 01:39:27 AM
    Event ID/Source: 2 / ParVdm
    Event Description:
    Unable to get device object pointer for port object.

    Event Record #/Type4097 / Error
    Event Submitted/Written: 03/28/2008 01:31:41 AM
    Event ID/Source: 2 / ParVdm
    Event Description:
    Unable to get device object pointer for port object.

    Event Record #/Type4074 / Error
    Event Submitted/Written: 03/28/2008 01:16:27 AM
    Event ID/Source: 2 / ParVdm
    Event Description:
    Unable to get device object pointer for port object.



    -- End of Deckard's System Scanner: finished at 2008-03-28 09:33:24 ------------

     
  5. Ltangel

    Ltangel Regular member

    Joined: Feb 17, 2008 | Messages: 200 | Likes Received: 0 | Trophy Points: 26

    Hey engin123,

    Looks like you didn't follow my instructions carefully. :( I asked you to save dss.exe to your desktop.

    Please delete the dss[1].exe you downloaded from this folder: C:\Documents and Settings\EDDY\Local Settings\Temporary Internet Files\Content.IE5\Z05KFWRG\ and re-download it and save it to your desktop. Rescan with it; this time, do NOT post me the logs.

    NB: In the future, please read EVERY word in my instructions carefully, and follow them as closely as possible. I'm not trying to be naggy here, one wrong step can cause serious damage to your computer. Thanks for your cooperation and understanding.

    ~Ltangel~
     
  6. Ltangel

    Ltangel Regular member

    Hey engin123,

    From your HijackThis log, you have no anti-virus running on your computer! This is very dangerous and you are vulnerable to all kinds of infections! It is vital that you download and install ONE of the anti-virus programs listed below:

    AVG 7.5 free Anti-virus
    Avast anti-virus


    NB: Please follow my instructions as closely as possible, and ask if you don't understand any part of the instructions.

    ----------------------------------------------------------------------

    Run ComboFix

    Please disable Avast or AVG 7.5 free anti-virus (depending on which one you chose to install) before you run ComboFix. Instructions are as follows:

    AVAST
    Right click on the avast! icon in system tray and choose (Stop On-Access Protection)


    AVG
    Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

    *********

    - Close any open browsers.
    - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
    - Double click on combofix.exe & follow the prompts.
    - When finished, it will produce a report for you.
    - Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Next reply (please include):

    Fresh HijackThis log
    C:\ComboFix.txt


    Go!

    ~Ltangel~
     
  7. engin123

    engin123 Guest

    Is this what you want me to do: uninstall UBCD4WinV312.exe, then reinstall first, then scan it with highjacker, then save that notebook to my desktop, plus after I've done the rescan I must send the results to you? But some of this stuff is new to me, I'm worried. I did download this but I'm not sure what I'm meant to be using it for.

    I'm downloading music files, sometimes more movies, so is this for that? Because I do get codec problems sometimes, when the software would tell me that you can't convert this file because you don't have the right codecs installed, that's for audio & video sometimes. Then the copies, not really now but before, sometimes they will play for a bit then stop & will not play any further.

    i knw sometimes it is the discs if they get a clink on the surface that glitch can cause you picsaltation problems & freezing at the parts of the movie where you are enjoying it the most,or they say it might be your drivers need updating,or they say it might be the software you are using there might be a bug in it,

    or they might say that you should change the dvd-r settings to doa instead of soa i hope im saying this correctly but as you are an expert you must know what im getting at,but is there a software for that problem to,im fed up of wasting so many blank discs,

    don't even know how to find these dills missing files or reg hkeys & i want to know all in one go what do i do first in easier diagram,im not a computer buff im just a junior,im sending you this link also where it says you cant really use the files if you have windows xp,im gtting confused again,copy & past this link into your browser & you will yourself what it is saying as you read down the list,

    what is it that im having all these problems with i just don't get- go to this link & you will see then read it then try to find an easie alternitve if you can to solve this please,

    & to stop all these pop ups they are driving me insane,can you also give me a free web browser surfing security anti virus protector that would be one of te best tools for me because im always on the net,so you can pick up viruses just going to more or less any web siteso help me im just a leaner in this field but im quite good i some things yet in others im useless,

    please it would make it more understandable if you tel me in more detail so that i can save this information to my pc so that if it happens to me again this happens again i might have more knowllege aboutit & so that if my computer expert friend ever came to help me he would have the information right in front of him

    another problem i need to solve is that you cant copy & paste everything on the pc,how can you do it another way if you tried to copy & pasting it & you then try to put it into the message blog here in the box it just wont do it,but if i knew how to do it then i will have given you all the information to tell you what is running on my pc & whats maybe in the back ground,is there a software that you can use for this,sorry for bugging you,

    im disabled so im not as fast as your average bear,i await your speedy responce-heres the link it,http://glenstegner.com/dss1/copyqm.htm
     
    Last edited by a moderator: Mar 28, 2008
  8. Ltangel

    Ltangel Regular member

    Ok, one step at a time.

    First, I need you to download and install an anti-virus to protect your computer. I would highly recommend that you use AVG 7.5; please download and install it from this link:

    http://free.grisoft.com/filedir/inst/avg75free_519a1276.exe

    Just do the above and tell me when you are done. Also, please rescan your computer with HijackThis and post the rescanned log.

    To copy and paste text, just highlight the text you want and press Ctrl+C, and then press Ctrl+V to paste it.


    Go!

    ~Ltangel~
     
    Last edited: Mar 28, 2008
  9. engin123

    engin123 Guest

    There you go, I've downloaded AVG Free and I've installed it. Now I'm sending you the latest HijackThis report log notebook. I await your next instructions. If we go through it like this, slowly but surely, we would have tweaked my PC back to better than its original state. It was quite slow in the past with a lot of freezing, because I like to open up page after page when I'm surfing. Is there a free software out for that? I need that so much. I'm downloading as well sometimes when I'm surfing, but I do have 20 meg broadband, which in the summer time will go up to 50 meg. I'm in all day today, so every time you reply I will be replying back as quick as I can. Thank you, my friend. I've never really ever had many people in my life helping me out, but I was always thinking and caring for them. I thank you so much.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:36:02, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Common Files\WinPCDoctor\strpmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\system32\375013\375013.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinPCDoctor\strpmon.exe" dm=http://winpcdoctor.com ad=http://winpcdoctor.com sd=http://inspaid.winpcdoctor.com
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 7962 bytes
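
Added illustration, not part of the thread and not Trend Micro's code: a small Python reader for the HijackThis log layout posted above. It splits a log into its section codes, decodes the O4 autostart lines, lists entries the tool itself marked "(no file)" or "(file missing)", and shows which autostart images are also in the running-process list. The function names are hypothetical and the sample log is constructed with placeholder names and GUIDs.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 layout; every name, GUID and URL is a placeholder.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\ExampleApp\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleApp\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /startup
O4 - HKCU\..\Run: [updater] C:\Windows\updater.exe
O4 - Startup: Tool.lnk = C:\Program Files\Tool\tool.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000003} - http://example.invalid/redirect (file missing)
O23 - Service: Example Service (examplesvc) - Example Vendor - C:\Program Files\ExampleApp\svc.exe

--
End of file - 1234 bytes
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
O4_REG_RE = re.compile(r"^(?P<location>\S+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
O4_LNK_RE = re.compile(r"^(?P<location>[^:]+): (?P<name>.+?) = (?P<command>.+)$")
IMAGE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd|scr)\b", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hijackthis(text):
    """Return (running_processes, entries); entries maps a code such as 'O4' to its lines."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                      # footer marker, nothing useful follows
            break
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False              # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def image_path(command):
    """Best-effort extraction of the executable or DLL path from a command line."""
    match = IMAGE_RE.search(command)
    return match.group(0) if match else None


def autostarts(entries):
    """Decode O4 entries (registry Run keys and Startup-folder shortcuts)."""
    decoded = []
    for body in entries.get("O4", []):
        match = O4_REG_RE.match(body) or O4_LNK_RE.match(body)
        if match:
            item = match.groupdict()
            item["image"] = image_path(item["command"])
            decoded.append(item)
    return decoded


def orphaned(entries):
    """Entries the tool marked as pointing at a file that is not on disk."""
    return [(code, body) for code, bodies in entries.items()
            for body in bodies if body.endswith(ORPHAN_MARKERS)]


def running_autostarts(processes, entries):
    """Autostart entries whose image also appears under 'Running processes'.

    Comparison is a case-insensitive string match, so an 8.3 short path
    (C:\\PROGRA~1\\...) will not match its long form.
    """
    live = {p.lower() for p in processes}
    return [a for a in autostarts(entries)
            if a["image"] and a["image"].lower() in live]


if __name__ == "__main__":
    procs, ents = parse_hijackthis(SAMPLE_LOG)
    for a in autostarts(ents):
        print(f"autostart  {a['location']:<14} {a['name']:<12} {a['image']}")
    for code, body in orphaned(ents):
        print(f"orphaned   {code:<4} {body}")
    for a in running_autostarts(procs, ents):
        print(f"running    {a['name']} -> {a['image']}")
```
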
     
  10. Ltangel

    Ltangel Regular member

    Hey engin123,

    Good job! Please bear in mind NOT to click on any unknown pop-up links while I am helping you fix your computer. Also, please do NOT download anything unless instructed by me.

    Now, please temporarily disable your AVG anti-virus by doing the following:

    Please open the AVG Control Center program (at the bottom right hand corner where the AVG icon is) -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting. Your AVG icon should turn grey.

    Post back with a reply when you are done. :)

    ~Ltangel~
     
    Last edited: Mar 28, 2008
  11. engin123

    engin123 Guest

    I've done that, my number one friend.
     
  12. engin123

    engin123 Guest

    I clicked it to turn off. After that, is that ok? When I tried to open it again it started to scan, but I stopped that because I didn't know if I'm meant to leave it on. I have not changed any settings, I hope not, from doing that, because it was under my tool bar on my PC, aka start up menu bar.
     
  13. engin123

    engin123 Guest

    I'm ready now. I understand that I never really did anything, it's still there, but if I have to close the program when you next tell me what to do, please advise me if I have to.
     
  14. Ltangel

    Ltangel Regular member

    Hey engin123,

    Is the AVG icon grey in color? If it is, it's already disabled. :)

    NB: Please follow my instructions as closely as possible, and ask if you don't understand any part of the instructions.

    ----------------------------------------------------------------------

    Run ComboFix


    Please download ComboFix from Here or Here to your Desktop <-- Very Important!

    *********

    * Close any open browsers.
    * WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    * Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    * If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------
    * Double click on combofix.exe & follow the prompts.
    * When finished, it will produce a report for you.
    * Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Next reply (please include):

    Fresh HijackThis log
    C:\ComboFix.txt


    Go!

    ~Ltangel~
     
  15. engin123

    engin123 Guest

    ComboFix 08-03-26.3 - EDDY 2008-03-28 15:44:35.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 0:00]
    Running from: C:\Documents and Settings\EDDY\Local Settings\Temporary Internet Files\Content.IE5\T9OR50J2\ComboFix[1].exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
    .

    2008-03-28 13:15 . 2008-03-28 13:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-28 13:15 . 2008-03-28 14:12 <DIR> d-------- C:\Documents and Settings\EDDY\Application Data\AVG7
    2008-03-28 13:15 . 2008-03-28 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-28 13:15 . 2008-03-28 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-28 09:31 . 2008-03-28 09:31 <DIR> d-------- C:\Deckard
    2008-03-28 07:45 . 2008-03-28 07:58 <DIR> d-------- C:\UBCD4Win
    2008-03-28 01:46 . 2008-03-28 01:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-28 01:37 . 2008-03-28 01:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-03-28 00:57 . 2008-03-28 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-27 23:11 . 2008-03-27 23:11 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
    2008-03-27 23:01 . 2008-03-28 15:36 <DIR> d-------- C:\WINDOWS\system32\299914
    2008-03-27 20:40 . 2008-03-27 20:40 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-27 20:40 . 2008-03-27 20:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-27 20:40 . 2008-03-27 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-27 18:41 . 2008-03-27 18:41 205,592 --a------ C:\Documents and Settings\EDDY\Application Data\installer_en[1].exe
    2008-03-27 12:00 . 2008-03-27 12:00 <DIR> d-------- C:\Program Files\CCleaner
    2008-03-27 02:29 . 2008-03-27 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YourPrivacyGuard
    2008-03-27 00:31 . 2008-03-27 04:29 <DIR> d-------- C:\Program Files\Common Files\SecurePCCleaner
    2008-03-27 00:24 . 2008-03-27 00:24 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\winpcdoctor
    2008-03-27 00:23 . 2008-03-28 14:12 <DIR> d-------- C:\Program Files\Common Files\WinPCDoctor
    2008-03-27 00:21 . 2008-03-27 01:42 261,896 --a------ C:\Documents and Settings\EDDY\Application Data\setup_en[1].exe
    2008-03-26 23:55 . 2008-03-28 15:36 <DIR> d-------- C:\WINDOWS\system32\375013
    2008-03-26 23:54 . 2008-03-28 01:37 <DIR> d-------- C:\Program Files\NetProject
    2008-03-24 15:12 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-03-24 15:12 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-03-24 14:30 . 2008-03-24 14:30 5,275 --a------ C:\WINDOWS\SETUP.LST
    2008-03-24 14:30 . 2008-03-24 14:30 303 --a------ C:\WINDOWS\ST6UNST.001
    2008-03-24 14:30 . 2008-03-24 14:30 303 --a------ C:\WINDOWS\ST6UNST.000
    2008-03-24 11:25 . 2008-03-24 13:47 224 --a------ C:\WINDOWS\system32\9B13A86D.plf
    2008-03-24 11:22 . 2008-03-24 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-03-23 14:11 . 2008-03-23 14:11 <DIR> d-------- C:\Documents and Settings\EDDY\Application Data\MozillaControl
    2008-03-22 21:16 . 2008-03-22 21:16 <DIR> d-------- C:\Documents and Settings\EDDY\AbiSuite
    2008-03-22 19:59 . 2007-12-01 18:01 1,049,720 --a------ C:\WINDOWS\wweb32.dll
    2008-03-22 18:30 . 2008-03-22 18:30 <DIR> d-------- C:\Program Files\LingvoSoft
    2008-03-22 18:13 . 2008-03-22 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Transparent
    2008-03-20 12:58 . 2008-03-28 09:47 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
    2008-03-19 00:32 . 2008-03-19 06:45 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-03-19 00:27 . 2008-03-19 06:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-03-19 00:26 . 2008-03-19 00:27 <DIR> d-------- C:\Program Files\Common Files\Softwin
    2008-03-18 23:36 . 2008-03-18 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2008-03-18 23:36 . 2008-03-18 23:36 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
    2008-03-18 23:36 . 2008-03-18 23:36 216,576 --a------ C:\WINDOWS\system32\monln.dll
    2008-03-15 19:34 . 2008-03-15 19:34 <DIR> d-------- C:\Program Files\DivX
    2008-03-15 19:31 . 2008-03-15 19:31 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
    2008-03-15 19:28 . 2008-03-15 19:28 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-03-15 19:04 . 2008-03-15 19:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-03-12 03:02 . 2008-03-12 03:02 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-03-11 12:09 . 2008-03-11 12:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-11 12:09 . 2008-03-11 12:09 <DIR> d-------- C:\Program Files\Kontiki
    2008-03-11 12:09 . 2008-03-11 12:09 <DIR> d-------- C:\logs3
    2008-03-11 12:09 . 2008-03-28 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-02 06:54 . 1997-08-27 09:53 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
    2008-03-02 06:54 . 1998-07-30 12:51 305,152 --a------ C:\WINDOWS\IsUninst.exe
    2008-03-02 06:54 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
    2008-03-02 06:54 . 1997-11-06 12:53 27,648 --a------ C:\WINDOWS\system32\ir50_lcs.dll
    2008-03-02 06:54 . 2008-03-02 06:54 5,767 --a------ C:\WINDOWS\system32\CDUninst.isu
    2008-03-02 06:51 . 2008-03-02 06:51 <DIR> d-------- C:\Program Files\LEAD Technologies, Inc
    2008-03-02 06:51 . 2003-08-14 17:26 368,640 --------- C:\WINDOWS\system32\LCodcCMPe.dll
    2008-03-02 06:35 . 2004-05-13 18:39 1,208,320 --a------ C:\WINDOWS\system32\cygxml2-2.dll
    2008-03-02 06:35 . 2004-05-26 10:07 1,153,417 --a------ C:\WINDOWS\system32\cygwin1.dll
    2008-03-02 06:35 . 2003-08-11 04:59 980,992 --a------ C:\WINDOWS\system32\cygiconv-2.dll
    2008-03-02 06:35 . 2000-06-30 17:40 139,264 --a------ C:\WINDOWS\system32\Mpeg2Decoder.ax
    2008-03-02 06:35 . 2000-06-26 13:13 94,208 --a------ C:\WINDOWS\system32\Mpeg2Parser.ax
    2008-03-02 06:35 . 2003-12-04 11:03 62,464 --a------ C:\WINDOWS\system32\cygz.dll
    2008-03-02 06:33 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
    2008-03-01 18:34 . 2008-03-01 18:34 <DIR> d-------- C:\Program Files\iPod
    2008-03-01 18:29 . 2008-03-17 22:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-01 18:29 . 2008-03-01 18:29 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-28 15:45 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Azureus
    2008-03-28 09:28 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Vso
    2008-03-28 05:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-27 20:30 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-03-25 21:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-25 13:04 --------- d-----w C:\Program Files\Azureus
    2008-03-25 09:57 --------- d-----w C:\Documents and Settings\EDDY\Application Data\uTorrent
    2008-03-24 16:02 --------- d-----w C:\Program Files\IObit
    2008-03-24 15:12 13,312 --s-a-w C:\WINDOWS\system32\kknwg.dll
    2008-03-24 10:35 --------- d-----w C:\Documents and Settings\EDDY\Application Data\CopyToDvd
    2008-03-19 01:05 --------- d-----w C:\Program Files\XP Smoker
    2008-03-17 22:31 --------- d-----w C:\Documents and Settings\EDDY\Application Data\BSplayer PRO
    2008-03-15 19:10 --------- d-----w C:\Documents and Settings\EDDY\Application Data\DivX
    2008-03-14 22:48 --------- d-----w C:\Documents and Settings\EDDY\Application Data\DVD Flick
    2008-03-12 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-02 06:36 --------- d-----w C:\Program Files\Cucusoft
    2008-03-01 18:34 --------- d-----w C:\Program Files\iTunes
    2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 13:13 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-02-15 02:44 --------- d-----w C:\Program Files\Driver Magician
    2008-02-11 01:08 61,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-11 01:08 4,453,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-11 01:08 352,544 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-11 01:08 35,168 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-11 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-10 18:29 --------- d-----w C:\Program Files\ImgBurn
    2008-02-10 18:29 --------- d-----w C:\Documents and Settings\EDDY\Application Data\ImgBurn
    2008-02-10 00:00 --------- d-----w C:\Program Files\Alwil Software
    2008-02-09 20:03 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Any DVD Converter Professional
    2008-02-09 20:00 --------- d-----w C:\Program Files\Any DVD Converter Professional
    2008-02-09 19:53 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Media Player Classic
    2008-02-09 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-08 22:50 --------- d-----w C:\Program Files\iSofter
    2008-02-06 21:29 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Nero
    2008-02-06 11:11 --------- d-----w C:\Documents and Settings\EDDY\Application Data\WinSpyControl
    2008-02-06 11:10 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-02-05 22:05 --------- d-----w C:\Program Files\VSO
    2008-02-05 15:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\NCH Swift Sound
    2008-02-05 15:19 --------- d-----w C:\Documents and Settings\EDDY\Application Data\NCH Swift Sound
    2008-02-05 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2008-02-05 10:43 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Launchy
    2008-02-05 09:30 --------- d-----w C:\Documents and Settings\EDDY\Application Data\VSO_HWE
    2008-02-04 20:51 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Ahead
    2008-02-04 20:18 --------- d-----w C:\Program Files\MSECache
    2008-02-04 19:59 --------- d-----w C:\Program Files\Microsoft DirectX SDK (November 2007)
    2008-02-04 18:04 --------- d-----w C:\Program Files\Noël Danjou
    2008-02-04 07:20 --------- d-----w C:\Program Files\MemInfo
    2008-02-03 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-02 19:55 --------- d-----w C:\Documents and Settings\EDDY\Application Data\IObit
    2008-02-02 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-02 17:16 --------- d-----w C:\Documents and Settings\EDDY\Application Data\SpywareRemover
    2008-02-02 17:08 --------- d-----w C:\Program Files\Avant Browser
    2008-02-02 17:08 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Avant Profiles
    2008-02-02 16:59 --------- d-----w C:\Program Files\Citi-Software
    2008-02-02 16:17 --------- d-----w C:\Program Files\NCH Software
    2008-02-02 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
    2008-02-01 23:01 --------- d-----w C:\Program Files\Cool PDF Reader
    2008-02-01 22:32 --------- d-----w C:\Program Files\Machinist2DLL
    2008-02-01 21:49 --------- d-----w C:\Program Files\007DVD
    2008-02-01 09:31 --------- d-----r C:\Documents and Settings\EDDY\Application Data\Brother
    2008-02-01 09:17 --------- d-----w C:\Program Files\Brother
    2008-02-01 09:15 --------- d-----w C:\Documents and Settings\EDDY\Application Data\InstallShield
    2008-02-01 09:14 --------- d-----w C:\Program Files\Nuance
    2008-02-01 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-02-01 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-02-01 09:13 --------- d-----w C:\Program Files\ScanSoft
    2008-02-01 09:13 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2008-02-01 09:13 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-01 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Brother
    2008-02-01 08:05 --------- d-----w C:\Program Files\uTorrent
    2008-02-01 01:00 --------- d-----w C:\Program Files\Real
    2008-02-01 00:42 --------- d-----w C:\Program Files\AC3Filter
    2008-02-01 00:18 --------- d-----w C:\Program Files\coverXP
    2008-02-01 00:07 --------- d-----w C:\Program Files\DVDFab Gold 4
    2008-01-31 23:56 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-31 23:56 47,360 ----a-w C:\Documents and Settings\EDDY\Application Data\pcouffin.sys
    2008-01-31 23:56 --------- d-----w C:\Program Files\DVDFab Platinum 4
    2008-01-31 23:50 --------- d-----w C:\Documents and Settings\EDDY\Application Data\Apple Computer
    2008-01-31 23:49 --------- d-----w C:\Program Files\Bonjour
    2008-01-31 23:48 --------- d-----w C:\Program Files\Common Files\Apple
    2008-01-31 23:48 --------- d-----w C:\Program Files\Apple Software Update
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
    2008-03-28 03:14 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-03-26 23:55 85504]

    [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol Helper DLL"="C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll" [2008-01-27 05:38 62768]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
    "kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
    "SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
    "BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
    "SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-01-07 23:29 2743552]
    "SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-28 13:15 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-28 13:15 219136]

    C:\Documents and Settings\EDDY\Start Menu\Programs\Startup\
    MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe [2008-01-13 17:16:32 724480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)
    "NoStartMenuEjectPC"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "start"= C:\Program Files\NetProject\sbmntr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDFSTab"= 0 (0x0)
    "NoToolbarCustomize"= 1 (0x1)
    "NoBandCustomize"= 0 (0x0)
    "NoFileAssociate"= 0 (0x0)
    "NoInstrumentation"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoRecycleFiles"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoStartMenuEjectPC"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"= C:\WINDOWS\system32\kknwg.dll [2008-03-24 15:12 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2006-04-21 17:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    --a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Documents and Settings\\EDDY\\Desktop\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Avant Browser\\avant.exe"=
    "C:\\Documents and Settings\\EDDY\\Desktop\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Kontiki\\KService.exe"=
    "C:\\Program Files\\007DVD\\007 DVD Creator\\DVDCreator.exe"=
    "C:\\Program Files\\Any DVD Converter Professional\\DVDConvPro.exe"=
    "C:\\Program Files\\VSO\\ConvertX\\3\\ConvertXtoDvd.exe"=
    "C:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe"=
    "C:\\Program Files\\DivX\\DivX Player\\DivX Player.exe"=
    "C:\\Program Files\\VSO\\DivxToDVD\\DivxToDVD.exe"=
    "C:\\Program Files\\DVDFab Gold 4\\DVDFabGold.exe"=
    "C:\\Program Files\\DVDFab Platinum 4\\DVDFabPlatinum.exe"=
    "C:\\Program Files\\IObit\\IObit SmartDefrag\\IObit SmartDefrag.exe"=
    "C:\\Documents and Settings\\EDDY\\My Documents\\The KMPlayer\\KMPlayer.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
    "C:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
    "C:\\Program Files\\WinRAR\\WinRAR.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3027:UDP"= 3027:UDP:Windows Media Format SDK (firefox.exe)
    "3026:UDP"= 3026:UDP:Windows Media Format SDK (firefox.exe)
    "3028:UDP"= 3028:UDP:Windows Media Format SDK (firefox.exe)

    R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
    R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]

    *Newly Created Service* - AVG7ALRT
    *Newly Created Service* - AVG7CORE
    *Newly Created Service* - AVG7RSW
    *Newly Created Service* - AVG7RSXP
    *Newly Created Service* - AVG7UPDSVC
    *Newly Created Service* - AVGCLEAN
    *Newly Created Service* - AVGEMS
    *Newly Created Service* - AVGTDI
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-27 18:00:00 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
    - C:\WINDOWS\system32\rundll32.exe@
    "2008-03-24 16:02:47 C:\WINDOWS\Tasks\SmartDefrag.job"
    - C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 15:45:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    SM_IAN = C:\Program Files\AdvancedCleaner Free\ian_monitor.exe??|??????????@???@????????????????|??@?????????p???????? A?3??|???|??C???@???@???????C????????|??@?????????,?????@???@?d???u)?|??@??????????)?|???|??C???@?3??|??????C???@???@?????????? A????|??????@?d??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\kknwg.dll
    .
    Completion time: 2008-03-28 15:45:28
    ComboFix-quarantined-files.txt 2008-03-28 15:45:21
    ComboFix2.txt 2008-03-28 15:36:43
    Pre-Run: 138,251,771,904 bytes free
    Post-Run: 138,242,195,456 bytes free
    .
    2008-03-28 03:07:35 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:51:50, on 28/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MemInfo\meminfo.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
    O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
    O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1201727103468
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201727078062
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

    --
    End of file - 7318 bytes

     
  16. engin123

    engin123 Guest

    Thank you so far. You are Bruce Lee and I am your pupil. What's next to be done now? I've saved the combo log onto my desktop, but if it was the combo itself, no, I didn't. From where I'm standing, I think maybe I'm wrong or maybe I'm right, you tell me. The combo seems to me as if it is a background software, because it's not on my desktop and it's not in my All Programs. I've also noticed, Bruce, that this was on the combo too:

    -WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    It's true, because whenever we tried to use a restore point, after the PC rebooted it would say not done, go back and try again. No matter how many times we tried, we just could not ever restore my PC, just in case we needed to. We have to add that now also to the list, Bruce, so that can be a part of the Windows XP
     
  17. Ltangel

    Ltangel Regular member

    Joined: Feb 17, 2008 | Messages: 200 | Likes Received: 0 | Trophy Points: 26

    Hey engin123,

    Good work so far. But we have lots more work to do, let's do it slowly. :)

    Install recovery console

    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System (Your Operating System is Windows XP Service Pack 2).

    Download the file & save it as it's originally named, next to ComboFix.exe.<--- Important!

    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please do not reboot your machine until we have reviewed the log.
     
  18. Ltangel

    Ltangel Regular member

    Hey engin123,

    I gotta go to sleep now. Please post the log I required and I'll get back to you tomorrow. Please do NOT fix or download anything during this time. It's best that you leave your computer alone until I get back to you.

    ~Ltangel~
     
  19. engin123

    engin123 Guest

    Thank you so much for your help. My name is Eddy, by the way. What's yours? I also live in London; I suppose you live in the States. I've looked in Add & Remove and the combofix[1] is not there, but when I went to Local Disk C drive I clicked it twice, and in there was the folder only but nothing inside, so at least I have found it. I will do what you said and post it to you. Have a nice sleep.

    I nearly gave up on humanity, but God played it back to me and said somewhere or anywhere there's always a soul that has the heart and care of a real gentleman, and I have to say, hand on my heart, that you fit the bill. I will be looking at my PC all day tomorrow, and when I hear from you we will carry on where we left off.

    If I could ever be of any help to you, just ask; you are welcome. Good night, Bruce. It really does mean a lot to me what you are willing to do for me, and yet you don't even know me. In my eyes you are a blessing in disguise. Thank you again.
     
  20. engin123

    engin123 Guest

    I've just tried to look at what you are telling me to do. I will at least try to do it, although when you are around it makes it that much easier. As I stated in my last blog I sent you, for me to drag the installation setup into the folder of combo fix[1], I will have to drag and drop the combofix [1] folder from the local disk (C). Can that be done, or do I drag it to the local disk (C) and then drag and drop it?

    I don't want to download it until you tell me otherwise, Bruce; that's not a good student. I don't want to mess things up. I await your reply, then I will do what you tell me, because I'm already in the page set up ready to start the download of the

    Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
    Brief Description


    Quick Details
    The Windows XP startup disk allows computers without a bootable CD-ROM to perform a new installation of the operating system

    File Name: WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    Version: SP2
    Date Published: 8/9/2004
    Language: English
    Download Size: 4.4 MB
    Estimated Download Time: 11 min (56K Dial-up)

    I've just pasted what you asked of me:
    --------------------------------------------------------------------------------
    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.